A Code Division Multiple Access 1X (CDMA 1X) network and an EVDO network coexist for a long period of time during evolution of a Code Division Multiple Access (CDMA) network toward the 3rd Generation (3G) wireless communication network. An authentication method for the EVDO network and that for the CDMA 1X network greatly differ in that a Message Digest 5 (MD5) authentication method is adopted for the EVDO network and a Cellular Authentication and Voice Encryption (CAVE) authentication method is adopted for the CDMA 1X network and hardened in a User Identity Module (UIM) card. In order to be able to support the use of the UIM card for the CDMA 1X network in the EVDO network, it is necessary for the existing authentication method for the EVDO network to support both the MD5 authentication method and the CAVE authentication method concurrently.
The authentication method for the EVDO network is performed generally in two steps: firstly a mobile terminal initiates Network Access Identifier (NAI) authentication, and then an authentication server initiates Challenge Handshake Authentication Protocol (CHAP) authentication. A processing flow of the CHAP authentication in a current general platform is as follows.
In the CHAP authentication process, the authentication server transmits to the mobile terminal a CHAP authentication request including a name of the CHAP authentication request, a description of the CHAP authentication request and a key value for authentication with a length of, e.g., 16 bytes. Upon reception of the CHAP authentication request, the mobile terminal obtains the key value and then invokes the MD5 authentication method for calculation if an identifier of supporting the MD5 authentication method is stored in the UIM card as determined in the NAI authentication process; otherwise, the mobile terminal invokes the CAVE authentication method for calculation if the UIM card supports the CAVE authentication method. A calculated authentication key value with the same length as that of the key value is transmitted to the authentication server, and the CHAP authentication passes after being verified by the authentication server without any mistake.
Next the authentication server transmits to the mobile terminal a username and a password for the mobile terminal to log in the EVDO network, and the mobile terminal logs in the EVDO network, then the entire authentication process ends.
Since some inevitable human mistakes may occur in the existing hybrid network, the foregoing CHAP authentication process suffers from some obvious drawbacks so that the CHAP authentication fails.
In the CHAP authentication process, the authentication server of the EVDO network may suffer from a drawback because the authentication server may support only the CAVE authentication method but cannot support the MD5 authentication method so that in the CHAP authentication process, when the MD5 authentication method is invoked in the UIM card, in which an identifier of supporting the MD5 authentication method is stored, to calculate and transmit a set of authentication key values to the authentication server for authentication, the CHAP authentication may fail because the authentication server cannot support the MD5 authentication method. Furthermore, there are some UIM cards in the market in which an identifier of supporting the MD5 authentication method is stored incorrectly, such a mistake occurs in a production process that the MD5 authentication method is not written into the UIM cards although the identifier of supporting the MD5 authentication method is stored therein, that is, the value at the N5 position is 11, therefore, the MD5 authentication method may fail to be invoked in the CHAP authentication process and thus the CHAP authentication fails.